- Sr. Developer: Developed a program [for Goddard Technologies] that uses the "No-Fly List" Excel spreadsheet, provided by the FAA and the database of badged employees to permute the name combinations. It takes into consideration multiple first and middle names, with Soundex and the various "initial" combinations. This program reduced the time for comparison from 3 days to 10 minutes.

if it's password protected, it is encrypted. Just not very well.posted by delmoi at 2:01 PM on July 15, 2005

That said, the "no fly" list is probably pretty small, so there's not really much of a reason not to use Excel, other then that it's quite goofy.posted by delmoi at 2:02 PM on July 15, 2005

if it's password protected, it is encrypted. Just not very well.

Weak encryption is just as bad as no encryption.posted by cmonkey at 2:05 PM on July 15, 2005

And using weak encryption with a pre-shared key (the password) is even worse.posted by cmonkey at 2:06 PM on July 15, 2005

This works great, until we get to the 65,537th terrorist.posted by wah at 2:12 PM on July 15, 2005

Weak encryption is just as bad as no encryption.

In fact it's probably worse. Weak encryption can provide a false sense of security--for instance, people may become lax in following additional security procedures (ie, by sending the file via email) because of this false sense.posted by MikeKD at 2:18 PM on July 15, 2005

I don’t get the whole concept of a “no-fly” list:

If you know somebody is sooooo dangerous he can never ever be allowed on a plane, no matter what sort of strip-search, anal probe, cat-scan or interrogation you put him through, that his mere presence on an aircraft causes it to crash into the nearest skyscraper, wouldn’t you put him in jail? Assign his own personal FBI-goon to shadow him 24/7?

“No flying for you, buddy! We’re on to you! Feel free to walk around, taking pictures and leaving briefcases in subways, though”.posted by signal at 2:26 PM on July 15, 2005

Amusingly or not depending on how you look at it, apparently recently someone with my real name was added to the no-fly list. I can no longer check in curbside, and the level of scrutiny I get when I fetch my boarding pass has ranged from not even raised eyebrows to requiring a call to some unknown number where the personal information from my DL is reeled off. I've not yet been denied boarding, nor have I been subject to additional security measures that I'm aware of.

One person recommended that to avoid this in the future I may want to try and get my next ticket using my full (including middle) name. If that works, I'm going to laugh my ass off.posted by wolftrouble at 2:41 PM on July 15, 2005

Should alternative 2) see another team of islamomistacists take out some more of NY's skyline then Bureaucrat Man will catch a lot of shit from Upon High and not have good career prospects going forward.

Policy 1) greatly inconveniences many people, and shoves the power of the Bureaucrat Man into everyone's faces, but these are features, not bugs, as far as Bureaucrat Man is concerned.posted by Heywood Mogroot at 3:27 PM on July 15, 2005

Ahh yes, I was in the same predicament. No curb side check-in, no online check-in, and the agent at the desk would disappear with my license to make The Call. After about six months it stopped and now I check in where ever I want along with the rest of the non-terrorists.posted by aenea at 3:32 PM on July 15, 2005

Um ... does Excel still have that 65,535 row limit?posted by kaemaril at 3:44 PM on July 15, 2005

One person recommended that to avoid this in the future I may want to try and get my next ticket using my full (including middle) name. If that works, I'm going to laugh my ass off.

I am on the "Selectee" list, having earned that honor after a number of one-way trips between San Francisco, Vegas, Vancouver, and Washington, DC, many with short notice, some of which didn't involve return air travel, one of which was paid in cash (Vegas -- I won), and several of which I had to change after purchase. A minor federal marijuana beef in 1995 may also have come into play here.

I've tried booking tickets with and without my middle name, and using a shortened form of my first name (i.e. Rich for Richard, Tom for Thomas).

While I've never had a problem checking in with a ticket that had a short form of the name on my ID (contrary to popular belief), nothing I could do has prevented me from receiving the big S on my bording pass.

Now, YMMV, considering that you're not actually on the list, but for this person who is, playing the name game doesn't help.

With that said... the "Selectee" security line/room is generally shorter and faster in most US airports, so it's something of a mixed blessing. I wait for the guy to paw through my briefcase, while you wait in line.posted by toxic at 3:45 PM on July 15, 2005

Perhaps it's Friday afternoon and I'm tired, why is this information secret? How is this different than "wanted" posters in a post office?posted by ParisParamus at 4:45 PM on July 15, 2005

I'm sure it wouldn't be a problem to get into that file and add ParisParamus.posted by eyeballkid at 4:55 PM on July 15, 2005

I guess it's worth it to share how I came across this nugget...someone at the CIA had browsted my home page, googling for "no fly list spreadsheet xls". I got a screencap here. First and foremost, would it be reasonable to assume that they were looking for it "in the wild" because it may be out there? BTW, guess who helps maintain the No-Fly List? Coicepoint.posted by rzklkng at 5:17 PM on July 15, 2005

More likely, considering that they're using Excel to do this, the 'secrecy' is probably from their fear that we'll discover how completely clueless they are.posted by Malor at 8:43 PM on July 15, 2005

Wanna bet someone at DHS is just now googling MetaFilter? Can a sock puppet be on a no-fly-list?posted by realcountrymusic at 9:02 PM on July 15, 2005

I work for an airline and have access to the no-fly list (in PDF format.)

First of all, it is HUGE. Like, 500 pages long. It looks like a spreadsheet but I didn't realize it was Excel. Not quite 65,536 names (heh!) but certainly in the ballpark of 10,000, I'd guess.

There are a lot of problems with it obviously. All it takes is one 'suspect' to use the alias 'Joe Smith' on a flight, and anyone named anything close to 'Joe Smith' will forever be flagged. I've seen it happen with numerous common last names.

Finally, to toxic and others I've heard make similar comments, you won't find your way onto any maintained list because of your travel habits. However, each time you travel, you may be flagged for reasons other than being on a list (as you've found, buying one-way tickets and/or buying with cash are among those reasons, in addition to buying at the last minute.)posted by gazole at 9:07 PM on July 15, 2005

What if this is a fake list? Disinformation? OK. Now I'm going to look at the list for the first time.

By the way, SodaPop: funniest thing I've read on Mefi in quite some time!posted by ParisParamus at 9:45 PM on July 15, 2005

You know, this post is a let-down. I thought there was actually a link to the list.

1. Excel spreadsheet passwords are not only considered weak encryption, they're not considered safe for government use - I wonder how in the hell this format was chosen?
2. What were they using prior to Excel? VisiCalc? I mean, damn.
3. Government officials can already count on this file being in the hands of someone that shouldn't have it.posted by FormlessOne at 10:12 PM on July 15, 2005

It doesn't surprise me that it's all so low-tech. Most organisations, even those handling sensitive information (e.g. financial institutions), have shockingly poor systems for handling data in at least one dept. Crude spreadsheets containing outdated copies of data and clunky macros are everywhere.

Similarly, I don't think people realise how many e-commerce sites still email order details through to someone who then prints them out and hands the printouts to someone else who enters the data into the phone order system...posted by malevolent at 2:16 AM on July 16, 2005

It's probably safe to say that this list (2.2MB *.TXT file) from the US Treasury found on cryptome has a good bit of overlap with the "NFL". And for everyone poo-pooing that it's a small list, it's somewhere between 12k and 20k from what I've seen reported.posted by rzklkng at 7:54 AM on July 16, 2005

If I had ever submitted a security solution like this for a client, I'd have fired myself.

There are also many and constantly new virii, trojans, etc. that e-mail the contents of hard drives and mail archives to all sorts of places, including peer-to-peer services.

I'm sure the list is in circulation. That's the Occam's answer for the pings from the CIA.

But are we entirely sure it's actually CIA who is phishing for PDAs?

Is it possible that someone has infected the CIA with a trojan or perhaps owns their "relay2.cia.gov" box for fun and games?

Either way...you never name a document of that sensitivity level in such an intutitve manner...should call such files "0507_XPsgr.xls" at the very least. That's still easy enough to parse out for those who have to reference them every day...yet just odd enough to slightly confuse those that trip up on them accidentally.

Either way...you never name a document of that sensitivity level in such an intutitve manner

Security through obscurity? That's a fairly discredited approach to security. Your enemies should never be able to even list the files on a computer that contain a sensitive document. If they can, it doesn't matter whether your files are called USDALAQ.xls or Top Double Super Secret Spy Plans.doc—you're fucked either way.posted by grouse at 1:36 PM on July 17, 2005

Tags

Share

About MetaFilter

MetaFilter is a weblog that anyone can contribute a link or a comment to. A typical weblog is one person posting their thoughts on the unique things they find on the web. This website exists to break down the barriers between people, to extend a weblog beyond just one person, and to foster discussion among its members.